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DETAILED ACTION 



Information Disclosure Statement 

The information disclosure statements filed July 23, 2003, March 27, 2006 and 
November 3, 2006 has been placed in the application file and the information referred to 
therein has been considered as to the merits. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 22, 37 and 42-45 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. Claims 22, 37 and 42-45, are 
claims to a computer readable media. Applicant's specification, paragraph [0082], 
clearly discloses the computer readable media can be either computer storage media, 
communications media or a combination of both. Communications media, such as 
carrier waves or modulated signals, lack the necessary physical articles or objects that 
constitute a machine or manufacture within the meaning of 35 USC 101 . Further, the 
communication media is not a combination of chemical compounds forming a 
composition of matter nor is the media a series of steps in a process. Therefore, the 
communication media (carrier waves, modulated signals, etc.) does not fall within one of 
the four classes of an invention and as such the above listed claims are deemed non- 
statutory. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

Claims 1-45 are rejected under 35 U.S.C. 102(e) as being anticipated by US 
20020104015 granted to Barzilai. 

Regarding claim 1 , Barzilai meets the claimed limitations as follows: 
"A method of establishing permission to use information associated with a user, said 
method comprising: 

identifying the user in connection with an application, said application requesting 
to use selected information associated with the user according to a predefined policy; 

determining whether permission was previously granted for the application to use 
the selected information according to the policy; 

and notifying the user if a change has been made to the policy since the 
permission was previously granted for the application to use the selected information." 
see Abstract; paragraphs [0059], [0061]-[0064], [0086]-[0102], [0113]-[0120] and 
Figures 1 , 6 and 7. 

Regarding claim 2, Barzilai meets the claimed limitations as follows: 
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"The method of claim 1 , wherein notifying the user comprises providing a user interface 
to inform the user of the change to the policy since the permission was previously 
granted for the application to use the selected information." see paragraphs [0094]- 
[0099] and Figure 1 . 

Regarding claim 3, Barzilai meets the claimed limitations as follows: 
"The method of claim 1 , further comprising requesting consent to the change via the 
user interface." see paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 4, Barzilai meets the claimed limitations as follows: 
"The method of claim 3, further comprising denying use of the selected information by 
the application until consent to the change is granted in response to the user interface." 
see paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 5, Barzilai meets the claimed limitations as follows: 
"The method of claim 3, further comprising denying use of the selected information by 
the application if consent to the change is denied in response to the user interface." see 
paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 6, Barzilai meets the claimed limitations as follows: 
"The method of claim 3, wherein the identified user is associated with a managed 
account and wherein requesting consent to the change comprises requesting consent to 
the change from a manager of the account." see paragraphs [0091]-[0099] and Figure 
6. 

Regarding claim 7, Barzilai meets the claimed limitations as follows: 
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"The method of claim 1, further comprising defining a consent state associated with the 
user, said consent state directly corresponding to a version of the policy for which the 
user has granted permission to the application to use the selected information." see 
paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 8, Barzilai meets the claimed limitations as follows: 
"The method of claim 7, further comprising maintaining a user profile associated with 
the user and storing the consent state in user profile." see paragraphs [0091]-[0099] and 
Figure 6. 

Regarding claim 9, Barzilai meets the claimed limitations as follows: 
"The method of claim 7, further comprising identifying which version of the policy is 
currently in use for the application and determining when the version of the policy 
corresponding to the consent state is different from the version of the policy currently in 
use for the application." see paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 1 0, Barzilai meets the claimed limitations as follows: 
"The method of claim 9, wherein notifying the user of the change to the policy is 
responsive to determining when the version of the policy corresponding to the consent 
state is different from the version of the policy currently in use for the application." see 
paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 1 1 , Barzilai meets the claimed limitations as follows: 
"The method of claim 7, wherein identifying the user comprises receiving login 
information from the user and authenticating the user based on the received login 
information." see paragraphs [0086]-[0099] and Figure 6. 
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Regarding claim 12, Barzilai meets the claimed limitations as follows: 
"The method of claim 10, wherein authenticating the user comprises associating a 
unique identifier with the user." see paragraphs [0086]-[0099] and Figure 6. 

Regarding claim 13, Barzilai meets the claimed limitations as follows: 
"The method of claim 12, further comprising associating the unique identifier for the user 
to the consent state associated with the user." see paragraphs [0086]-[0099] and Figure 
6. 

Regarding claim 14, Barzilai meets the claimed limitations as follows: 
"The method of claim 1 , further comprising storing information representative of which 
version of the policy is current." see paragraphs [0094]-[0099] and Figure 6. 

Regarding claim 15, Barzilai meets the claimed limitations as follows: 
"The method of claim 1 , further comprising storing content of the change to the policy 
relative to a version of the policy." see paragraphs [0094]-[0099] and Figure 6. 

Regarding claim 16, Barzilai meets the claimed limitations as follows: 
"The method of claim 1 , further comprising maintaining a notification store containing 
information representative of one or more of the following: a grace period for granting 
consent to the change to the policy; content of the change to the policy relative to a 
version of the policy; and a current version number of the policy." see paragraphs 
[0094]-[0099] and Figure 6. 

Regarding claim 17, Barzilai meets the claimed limitations as follows: 
"The method of claim 1 , wherein the application comprises a web service provided to 
the user via a client by one or more network servers, said client and network servers 
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being coupled to a data communication network." see paragraphs [0060], [0064], 
[0065], [0081]-[0085] and Figures 1 and 6. 

Regarding claim 1 8, Barzilai meets the claimed limitations as follows: 
"The method of claim 17, further comprising managing use of the selected information 
as a function of whether the user has a relationship with another web service." see 
paragraphs [0060], [0064], [0065], [0081]-[0085] and Figures 1 and 6. 

Regarding claim 1 9, Barzilai meets the claimed limitations as follows: 
"The method of claim 17, further comprising storing, in a central database, a user profile 
containing the information associated with the user, said central database being 
associated with a central server coupled to the data communication network." see 
paragraphs [0060], [0064], [0065], [0081]-[0085] and Figure 1. 

Regarding claim 20, Barzilai meets the claimed limitations as follows: 
"The method of claim 17, wherein the client operates a browser configured to permit the 
user to communicate on the data communication network, and wherein notifying the 
user comprises providing a user interface via the browser to inform the user of the 
change to the policy and to request re-consent." see paragraphs [0063], [0086]-[0099] 
and Figures 1 and 6. 

Regarding claim 21 , Barzilai meets the claimed limitations as follows: 
"The method of claim 17 wherein the network servers are web servers and 
the data communication network is the Internet." see paragraphs [0060], [0064], [0065], 
[0081 ]-[0085] and Figure 1. 

Regarding claim 22, Barzilai meets the claimed limitations as follows: 
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"One or more computer-readable media have computer-executable instructions for 
performing the method of claim 1 ." see paragraph [0059] and Figure 1 . 

Regarding claim 23, Barzilai meets the claimed limitations as follows: 
"A method of managing consent between a client and at least one network server, said 
client and said network server being coupled to a data communication network, said 
network server providing one or more services to a user via the client, said client 
operating a browser configured to permit the user to communicate on the data 
communication network, said method comprising: 

identifying the user in connection with the network server, said network server 
requesting to use selected information associated with the user according to a 
predefined policy; 

defining a consent state associated with the identified user, said consent state 
directly corresponding to a version of the policy for which permission has been granted 
for the network server to use the selected information; 

identifying which version of the policy is currently in use for the network server; 

and providing a user interface via the browser to notify the user when the version 
of the policy corresponding to the consent state is different from the version of the policy 
currently in use for the network server." see Abstract; paragraphs [0059], [0061]-[0064], 
[0086]-[0102], [01 13]-[0120] and Figures 1, 6 and 7. 

Regarding claim 24, Barzilai meets the claimed limitations as follows: 
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"The method of claim 23, wherein the user interface is provided by a central server also 
coupled to the data communication network." see Abstract; paragraphs [0059], [0061]- 
[0065], [0073] and Figures 1 and 6. 

Regarding claim 25, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising notifying the user of one or more 
differences between the version of the policy corresponding to the consent state and the 
version of the policy currently in use for the network server." see paragraphs [0091]- 
[0099] and Figure 6. 

Regarding claim 26, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising requesting consent to the version of the 
policy currently in use for the network server via the user interface." see paragraphs 
[0091]-[0099] and Figure 6. 

Regarding claim 27, Barzilai meets the claimed limitations as follows: 
"The method of claim 26, further comprising denying use of the selected information by 
the network server until the consent is granted in response to the user interface." see 
paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 28, Barzilai meets the claimed limitations as follows: 
"The method of claim 26, further comprising denying use of the selected information by 
the network server if the consent is denied in response to the user interface." See 
paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 29, Barzilai meets the claimed limitations as follows: 
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"The method of claim 26, wherein the identified user is associated with a managed 
account and wherein requesting consent to the version of the policy currently in use 
comprises requesting consent from a manager of the account." see paragraphs [0091]- 
[0099] and Figure 6. 

Regarding claim 30, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising maintaining a user profile associated with 
the user and storing the consent state in user profile." see paragraphs [0091]-[0099] and 
Figure 6. 

Regarding claim 31 , Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising storing content of a change to the policy 
corresponding to the consent state relative to the version of the policy currently in use 
for the network server." see paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 32, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising maintaining a notification store containing 
information representative of one or more of the following: a grace period for granting 
consent to the change to the policy; content of a change to the policy relative to 
a later version of the policy; and a current version number of the policy." see 
paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 33, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising managing use of the selected information 
as a function of whether the user has a relationship with another service." see 
paragraphs [0060], [0064], [0065], [0081]-[0085] and Figures 1 and 6. 
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Regarding claim 34, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, further comprising storing, in a central database, a user profile 
containing the information associated with the user, said central database being 
associated with a central server coupled to the data communication network." see 
paragraphs [0060], [0064], [0065], [0081]-[0085] and Figures 1 and 6. 

Regarding claim 35, Barzilai meets the claimed limitations as follows: 
"The method of claim 34 wherein the central server is an authentication server of a 
multi-site user authentication system and the network servers are affiliated with the 
authentication server, said authentication server receiving requests to authenticate the 
user when the user requests the web service to be provided by one or more of the 
affiliated network servers." see paragraphs [0060], [0064], [0065], [0081]-[0085] and 
Figures 1 and 6. 

Regarding claim 36, Barzilai meets the claimed limitations as follows: 
"The method of claim 23, wherein the network servers are web servers and the data 
communication network is the Internet." see paragraphs [0060], [0064], [0065], [0081]- 
[0085] and Figure 1 . 

Regarding claim 37, Barzilai meets the claimed limitations as follows: 
"One or more computer-readable media have computer-executable instructions for 
performing the method of claim 23." see paragraph [0059] and Figure 1 . 

Regarding claim 38, Barzilai meets the claimed limitations as follows: 
"An authentication system comprising: 

an authentication server coupled to a data communication network; 



Application/Control Number: 10/625,884 Page 12 

Art Unit: 2137 

an authentication database associated with the authentication server, said 
authentication database storing authentication information for comparison to login 
information provided by a user for authenticating the user, said authentication database 
further storing user-specific information identifying the user with respect to one or more 
services provided by at least one affiliate server coupled to the data communication 
network, said affiliate server providing the one or more services to the user via a client 
coupled to the data communication network and requesting to use selected information 
associated with the user according to a predefined policy; 

said authentication server being configured to identify which version of the policy 
is currently in use for the affiliate server and to provide a user interface for notifying the 
user when the version of the policy currently in use is different from a policy 

under which the user previously granted permission for the affiliate server to use 
the selected information." see Abstract; paragraphs [0059], [0061]-[0064], [0086]-[0102], 
[01 1 3]-[01 20] and Figures 1 , 6 and 7. 

Regarding claim 39, Barzilai meets the claimed limitations as follows: 
"The system of claim 38, further comprising a notification store containing information 
representative of one or more of the following: a grace period for the user to consent to 
the change to the policy; content of a change to the policy relative to a later version of 
the policy; and a current version number of the policy." see paragraphs [0091]-[0099] 
and Figure 6. 

Regarding claim 40, Barzilai meets the claimed limitations as follows: 
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"The system of claim 38, wherein the user interface provided by the authentication 
server further displays a user-selectable option for requesting consent from the user for 
the version of the policy currently in use for the affiliate server." see paragraphs [0063], 
[0086]-[0099] and Figure 6. 

Regarding claim 41 , Barzilai meets the claimed limitations as follows: 
"The system of claim 38, wherein the affiliate server is a web server and the data 
communication network is the Internet." see paragraphs [0060], [0064], [0065], [0081]- 
[0085] and Figure 1 . 

Regarding claim 42, Barzilai meets the claimed limitations as follows: 
"One or more computer-readable media having computer-executable components for 
managing consent between a client and at least one network server, said client and said 
network server being coupled to a data communication network, said network server 
providing one or more services to a user via the client and requesting to use selected 
information associated with the user according to a predefined policy, said computer- 
readable media comprising: 

an authentication component for authenticating the user and for identifying which 
version of the policy is currently in use for the network server; 

a profiling component for determining whether the user previously granted 

permission for the network server to use the selected information and for 
retrieving a consent state associated with the user, said consent state directly 
corresponding to a version of the policy for which the user has previously granted 
permission for the network server to use the selected information; 
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and a re-consent component for notifying the user of one or more differences 
between the version of the policy currently in use for the network server and the version 
of the policy associated with the consent state and for requesting consent to the 
differences from the user." see Abstract; paragraphs [0059], [0061]-[0064], [0086]- 
[0102], [01 13]-[0120] and Figures 1 , 6 and 7. 

Regarding claim 43, Barzilai meets the claimed limitations as follows: 
"The computer-readable media of claim 42, further comprising a user profile store 
containing information associated with the user and wherein the central server is 
responsive to the profiling component for retrieving the consent state associated with 
the user from the user profile store." see paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 44, Barzilai meets the claimed limitations as follows: 
"The computer-readable media of claim 42, wherein the re-consent component 
comprises an interface component for providing a user interface to the user via the 
client." see paragraphs [0091]-[0099] and Figure 6. 

Regarding claim 45, Barzilai meets the claimed limitations as follows: 
"The computer-readable media of claim 42, further comprising a notification store 
containing information representative of one or more of the following: a grace period for 
the user to consent to the change to the policy; content of the change to the policy 
relative to a version of the policy; and a current version number of the policy." see 
paragraphs [0091]-[0099] and Figure 6. 



Conclusion 
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The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

A. Aarts et al (US 20050076233) discloses a method for transmitting data subject 
to privacy restrictions. 

B. Desio (US 20040133454) discloses a method for using an electronic consent 
form for retrieving data. 

C. Feng et al (US 20040083243) discloses a system for managing a Web users' 
privacy preferences. 

D. Mathew et al (US 20040044628) discloses a method for enforcing online 
identity consent policies. 

E. Willner et al (US 20030023451) discloses a method for identifying privacy 

levels. 

F. Borgia et al (US 20020129221) discloses a system for tracking compliance 
with policies. 

G. Salmenkaita et al (US 7,072,886) discloses a method for maintaining privacy 
in distributed systems. 

H. Veldhuisen (US 6,480,850) discloses a system for managing data privacy in a 
database management system. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B. Smithers whose telephone number is (571) 
272-3876. The examiner can normally be reached on Monday-Friday (8:00-4:30) EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel L. Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571 - 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Matthew© Smithers 
Primary Examiner 
Art Unit 2137 



